General
- Target: IPPMKEK.html
- Size: 4.1MB
- Sample: 220928-zb5v1shaa9
- MD5: 82c470c652ce1f039edb6486f878f766
- SHA1: 425a90761731d3d4867a0e4628d46cf1c4856f44
- SHA256: 792d8bfb5e0660c8967fa84902963bbd3ccc345f9e17f777c6d016343655afdf
- SHA512: bee0e81e11f8a4457b89dee54a26ff8148e520d7049df77d0a2705bb92402f3f6814b1e103dc17a267ee7874821f4ed0567e2aa50841247748cc534a57bde92a
- SSDEEP: 98304:8HswGIPlWbxvQ04sgyZ6L1ympDF73twzC/:8bL4ldgyZqI8DF7MC/
Behavioral task
- behavioral1
- Sample: IPPMKEK.exe
- Resource: win7-20220812-en

Malware Config
- Extracted: raccoon
- 9b19cf60d9bdf65b8a2495aa965456c3
- http://94.131.107.206
Targets
- Target: IPPMKEK.html
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext